"Windows 7 Recovery" Virus

Cobe

New Member
Nothing was found on the TDSSKiller scan.

This is what happens (just an example, other pages pop up as well as this one).
The page that shows:
redirect.png

The URL:
wiki.png

The page that initiates the redirection (so I believe; it says this, then switches to what looks like an IP address, then says the page that's about to show up):
ussearchsystem.png
 

johnb35

Administrator
Staff member
Looks like you are redirecting because of the search engine you use.

Code:
prefs.js: browser.search.selectedEngine - Secure Search

Change it to standard Google, Bing, or Yahoo instead and let's see if they stop.


1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Folder::
c:\users\Jack\AppData\Local\{5DA6C3AC-52F9-4232-BE88-D27914A127F0}
c:\users\Jack\AppData\Local\{FF480062-9401-44D5-9336-9AE50C3C0E5A}
c:\users\Jack\AppData\Local\{650B1C36-D23F-4D07-8E13-DD2991C5D6D7}
c:\users\Jack\AppData\Local\{E602701E-17EE-451B-B9E5-0F67BC5B58E4}
c:\users\Jack\AppData\Local\{C50C95DC-4C76-4191-BBF0-D746298DF866}
c:\users\Jack\AppData\Local\{AFFA8E31-62C4-442C-858F-976AE601C0BF}
c:\users\Jack\AppData\Local\{30168E98-02C1-4CDC-9306-9E570E0A2AF8}
c:\users\Jack\AppData\Local\{B3824BFE-D4D6-4BEB-AC8B-B3BD740F1900}
c:\users\Jack\AppData\Local\{F59CCA88-468D-480A-9F6C-CC1DA6D3D6E8}
c:\users\Jack\AppData\Local\{A5A71933-630A-4EFA-9FC7-B7D96C0F4D48}
c:\users\Jack\AppData\Local\{0435406E-3673-49BE-BC07-D2055D5C0C2A}
c:\users\Jack\AppData\Local\{F2B74F85-7C56-4BE5-9DE3-46058D2F5AE2}
c:\users\Jack\AppData\Local\{DE7CAB72-8A91-4166-BE35-2C80FC71536B}
c:\users\Jack\AppData\Local\{F82B0662-9998-48F7-9FC3-C830E8C0AD00}
c:\users\Jack\AppData\Local\{A0F5423F-BB50-4275-9535-BFD5D16E691A}
c:\users\Jack\AppData\Local\{8DCCA208-7425-4D87-B063-ED6543104C2A}
c:\users\Jack\AppData\Local\{3A270F3C-EA59-46CA-A445-1BB7AF40ACF5}
c:\users\Jack\AppData\Local\{67A6A9CF-8649-4365-A13E-4E3F9D908BDB}
c:\users\Jack\AppData\Local\{8F244495-90AD-4C8C-8649-8D3FCA3A6120}
c:\users\Jack\AppData\Local\{4324DBF7-68D4-487A-AF85-2C46026FF7D5}
c:\users\Jack\AppData\Local\{16C42A90-A2F3-4991-B453-440E30882A43}
c:\users\Jack\AppData\Local\{38A0550D-9F4C-49A0-BB32-19B84E428AFA}
c:\users\Jack\AppData\Local\{C064C66B-E7B3-45E6-B186-B98C6DECB82F}
c:\users\Jack\AppData\Local\{7B2025EC-32BD-450A-BF0D-18D111DEBB0F}
c:\users\Jack\AppData\Local\{67E959D1-215D-4D61-8581-0795D061BDED}
c:\users\Jack\AppData\Local\{7A4478C7-EF8A-4C7D-B169-34E503AD51C3}
c:\users\Jack\AppData\Local\{DDA2FA57-AF5D-4847-A3C8-BED7D30A604E}
c:\users\Jack\AppData\Local\{35E1CDD2-F308-48E9-9D0B-03432EB90E09}
c:\users\Jack\AppData\Local\{02B4EA88-7ABF-43BF-9F5C-1370378216E9}
c:\users\Jack\AppData\Local\{F27BE893-70A0-4D62-BCF7-EB0D33174F17}


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 

johnb35

Administrator
Staff member
To move ComboFix, right-click on ComboFix and click Cut, go to an open area of your desktop, right-click, and click Paste.

Well, according to ComboFix your Firefox search engine is "Secure Search".
 

Cobe

New Member
How do I change it then, because in settings it's Google and always has been =\

Here's the ComboFix log; it had to update ComboFix so I'm not sure if it scanned from the Notepad file or not:

------------------------------------------------------------------------------------------------
ComboFix 11-06-11.01 - Jack 11/06/2011 17:03:59.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3893.2169 [GMT 1:00]
Running from: c:\users\Jack\Desktop\ComboFix.exe
Command switches used :: c:\users\Jack\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jack\AppData\Local\{02B4EA88-7ABF-43BF-9F5C-1370378216E9}
c:\users\Jack\AppData\Local\{0435406E-3673-49BE-BC07-D2055D5C0C2A}
c:\users\Jack\AppData\Local\{16C42A90-A2F3-4991-B453-440E30882A43}
c:\users\Jack\AppData\Local\{30168E98-02C1-4CDC-9306-9E570E0A2AF8}
c:\users\Jack\AppData\Local\{35E1CDD2-F308-48E9-9D0B-03432EB90E09}
c:\users\Jack\AppData\Local\{38A0550D-9F4C-49A0-BB32-19B84E428AFA}
c:\users\Jack\AppData\Local\{3A270F3C-EA59-46CA-A445-1BB7AF40ACF5}
c:\users\Jack\AppData\Local\{4324DBF7-68D4-487A-AF85-2C46026FF7D5}
c:\users\Jack\AppData\Local\{5DA6C3AC-52F9-4232-BE88-D27914A127F0}
c:\users\Jack\AppData\Local\{650B1C36-D23F-4D07-8E13-DD2991C5D6D7}
c:\users\Jack\AppData\Local\{67A6A9CF-8649-4365-A13E-4E3F9D908BDB}
c:\users\Jack\AppData\Local\{67E959D1-215D-4D61-8581-0795D061BDED}
c:\users\Jack\AppData\Local\{7A4478C7-EF8A-4C7D-B169-34E503AD51C3}
c:\users\Jack\AppData\Local\{7B2025EC-32BD-450A-BF0D-18D111DEBB0F}
c:\users\Jack\AppData\Local\{8DCCA208-7425-4D87-B063-ED6543104C2A}
c:\users\Jack\AppData\Local\{8F244495-90AD-4C8C-8649-8D3FCA3A6120}
c:\users\Jack\AppData\Local\{A0F5423F-BB50-4275-9535-BFD5D16E691A}
c:\users\Jack\AppData\Local\{A5A71933-630A-4EFA-9FC7-B7D96C0F4D48}
c:\users\Jack\AppData\Local\{AFFA8E31-62C4-442C-858F-976AE601C0BF}
c:\users\Jack\AppData\Local\{B3824BFE-D4D6-4BEB-AC8B-B3BD740F1900}
c:\users\Jack\AppData\Local\{C064C66B-E7B3-45E6-B186-B98C6DECB82F}
c:\users\Jack\AppData\Local\{C50C95DC-4C76-4191-BBF0-D746298DF866}
c:\users\Jack\AppData\Local\{DDA2FA57-AF5D-4847-A3C8-BED7D30A604E}
c:\users\Jack\AppData\Local\{DE7CAB72-8A91-4166-BE35-2C80FC71536B}
c:\users\Jack\AppData\Local\{E602701E-17EE-451B-B9E5-0F67BC5B58E4}
c:\users\Jack\AppData\Local\{F27BE893-70A0-4D62-BCF7-EB0D33174F17}
c:\users\Jack\AppData\Local\{F2B74F85-7C56-4BE5-9DE3-46058D2F5AE2}
c:\users\Jack\AppData\Local\{F59CCA88-468D-480A-9F6C-CC1DA6D3D6E8}
c:\users\Jack\AppData\Local\{F82B0662-9998-48F7-9FC3-C830E8C0AD00}
c:\users\Jack\AppData\Local\{FF480062-9401-44D5-9336-9AE50C3C0E5A}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 16:07 . 2011-06-11 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 13:36 . 2011-06-11 13:36 -------- d-----w- c:\users\Jack\AppData\Local\{A28DCEDD-B430-4441-8CD7-75E7A3E8FEE5}
2011-06-10 18:16 . 2011-06-10 18:17 -------- d-----w- c:\users\Jack\AppData\Local\{D5DD1E7A-6E3A-4353-BFD1-B93EA3B0F833}
2011-06-10 18:16 . 2011-06-10 18:16 -------- d-----w- c:\users\Jack\AppData\Local\{8370AFCD-3AAF-4040-8C33-B0653CF7EDD6}
2011-06-10 18:08 . 2011-05-24 18:12 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95817D07-89FB-4CDC-87D5-BA79877DE327}\mpengine.dll
2011-06-09 16:34 . 2011-06-09 16:34 -------- d-----w- c:\windows\Java
2011-06-09 16:34 . 2009-11-12 16:19 27136 ----a-w- c:\windows\SysWow64\PCWizard.cpl
2011-06-09 16:34 . 2011-06-09 16:34 -------- d-----w- c:\program files (x86)\CPUID
2011-06-08 11:54 . 2011-06-08 11:54 -------- d-----w- c:\windows\system32\SPReview
2011-06-08 11:53 . 2011-06-08 11:53 -------- d-----w- c:\windows\system32\EventProviders
2011-06-08 11:45 . 2010-11-20 13:27 1900544 ----a-w- c:\windows\system32\setupapi.dll
2011-06-08 11:44 . 2010-11-20 13:27 172544 ----a-w- c:\windows\system32\twext.dll
2011-06-08 11:43 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-06-08 11:43 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-06-08 11:43 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-06-08 11:43 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-06-08 11:42 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-08 11:42 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-08 11:42 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-08 11:42 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-06-08 11:42 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-06-08 11:42 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-06-08 11:42 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-06-08 11:15 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-08 11:15 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-08 11:15 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-06-08 11:15 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-06-05 13:29 . 2011-06-05 13:29 388096 ----a-r- c:\users\Jack\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-04 22:25 . 2011-06-04 22:25 -------- d-----w- c:\users\Jack\AppData\Roaming\cYo
2011-06-04 22:25 . 2011-06-04 22:25 -------- d-----w- c:\users\Jack\AppData\Local\cYo
2011-06-04 22:06 . 2011-06-04 22:08 -------- d-----w- c:\program files\ComicRack
2011-06-04 21:58 . 2011-06-04 21:58 -------- d-----w- c:\users\Jack\AppData\Roaming\vlc
2011-06-04 20:27 . 2011-06-04 20:29 -------- d-----w- c:\users\Jack\AppData\Local\Graboid
2011-06-04 20:27 . 2011-06-04 20:27 -------- d-----w- c:\users\Jack\AppData\Local\Geckofx
2011-06-04 20:26 . 2011-06-04 20:26 -------- d-----w- c:\program files (x86)\VideoLAN
2011-06-04 20:26 . 2011-06-04 20:27 -------- d-----w- c:\program files (x86)\Graboid
2011-05-28 21:48 . 2011-05-28 21:48 -------- d-----w- c:\users\Jack\AppData\Roaming\NCH Software
2011-05-28 18:30 . 2011-05-28 18:30 -------- d-----w- c:\users\Jack\AppData\Roaming\NCH Swift Sound
2011-05-28 18:30 . 2011-05-28 18:30 -------- d-----w- c:\programdata\NCH Swift Sound
2011-05-28 18:30 . 2011-05-28 18:30 -------- d-----w- c:\program files (x86)\NCH Swift Sound
2011-05-28 12:18 . 2011-05-28 12:18 -------- d-----w- c:\users\Jack\AppData\Local\{85BF8283-E166-421D-AB3E-013A139183DC}
2011-05-27 18:13 . 2011-05-27 18:13 -------- d-----w- c:\users\Jack\AppData\Local\{9ED43ECE-C3E0-46F5-AC04-1D489B52A01E}
2011-05-26 18:09 . 2011-05-26 18:09 -------- d-----w- c:\users\Jack\AppData\Local\{FC09203F-6EE0-4C41-9326-8D6B9AFF0652}
2011-05-25 20:14 . 2011-05-25 20:14 -------- d-----w- c:\users\Jack\AppData\Local\{CAA5D1BC-0C34-4B2B-89B6-7FD06F3D72CF}
2011-05-25 08:13 . 2011-05-25 08:13 -------- d-----w- c:\users\Jack\AppData\Local\{A37DBDE1-B0D2-41CD-ABF1-EE3A0651B0E4}
2011-05-24 18:10 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-23 18:45 . 2011-05-23 18:45 -------- d-----w- c:\program files (x86)\Trend Micro
2011-05-23 18:13 . 2011-05-23 18:13 -------- d-----w- c:\users\Jack\AppData\Roaming\Malwarebytes
2011-05-23 18:12 . 2011-05-29 08:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-23 18:12 . 2011-05-23 18:12 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 18:12 . 2011-05-29 08:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-23 18:12 . 2011-06-05 13:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-16 17:39 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-16 17:39 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-08 12:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-08 12:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-24 18:14 . 2011-01-20 15:42 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-04-09 07:02 . 2011-05-10 21:59 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:02 . 2011-05-10 21:59 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-10 21:59 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-25 03:29 . 2011-05-10 21:59 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:29 . 2011-05-10 21:59 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:29 . 2011-05-10 21:59 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:29 . 2011-05-10 21:59 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:29 . 2011-05-10 21:59 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:29 . 2011-05-10 21:59 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:28 . 2011-05-10 21:59 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-03-13 18:26 . 2010-06-24 02:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\system32\msvfd32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys [x]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys [x]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-28 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-28 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Jack\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Jack\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\066g1cf7.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-11 17:09:46
ComboFix-quarantined-files.txt 2011-06-11 16:09
ComboFix2.txt 2011-06-11 14:39
ComboFix3.txt 2011-06-09 23:22
ComboFix4.txt 2011-05-26 22:53
ComboFix5.txt 2011-06-11 16:03
.
Pre-Run: 25,763,520,512 bytes free
Post-Run: 25,339,330,560 bytes free
.
- - End Of File - - EAE4A6A6F7DBDB967632E159840542E8
--------------------------------------------------------------------------------------------------
 

johnb35

Administrator
Staff member
Please navigate to c:\qoobox and in that folder will be a file named "add-remove programs.txt". Please open that file and post the contents of it back here. I need to leave for work but will give you more fixes when I get home tonight.
 

Cobe

New Member
???? ??? Windows Live
???? Windows Live
????? Messenger
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?? Messenger
???????? ?????????? Windows Live
????????? Messenger
?????????? Windows Live
??????????? ?? Windows Live
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.1
Akamai NetSession Interface
„Messenger“ pagalbine priemone
Apple Application Support
Apple Software Update
ASIO4ALL
Atheros Client Installation Program
Aventail Access Manager
Aventail Web Proxy Agent
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
BatteryLifeExtender
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Complemento Messenger
Complément Messenger
CyberLink DVD Suite
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 8
CyberLink PowerProducer
CyberLink YouCam
D3DX10
Doplnok programu Messenger
EA SPORTS Gameface Browser Plugin 1.3.1.0
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
Fotogalerija Windows Live
Free Studio version 5.0.8
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Graboid Video 2.06
HiJackThis
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Junk Mail filter update
Last.fm 1.5.4.27091
Malwarebytes' Anti-Malware version 1.51.0.1200
Marvell Miniport Driver
Mesh Runtime
Messenger-kumppani
Messenger ??? ??
Messenger ????
Messenger ?????
Messenger Assistent
Messenger Companion
Messenger kíséro
Messenger Pratilac
Messenger Suradnik
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 4.0.1 (x86 en-GB)
MSVCRT
MSVCRT_amd64
PC Wizard 2010.1.94
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pomocnik Messenger
Pošta Windows Live
QuickTime
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Συλλογή φωτογραφιών του Windows Live
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
SamsungMovie
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Spotify
Spremljevalec Messenger
Steinberg Groove Agent ONE Vintage Beatboxes
Uninstall 1.0.0.1
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
User Guide
VLC media player 1.0.1
WavePad Sound Editor
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
 

johnb35

Administrator
Staff member
Please download GooredFix to your desktop from here or here

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista/Win 7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear.
  • Please copy and paste the Goored.txt log in your next reply (it can be found on your desktop).

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Folder::
c:\users\Jack\AppData\Local\{A28DCEDD-B430-4441-8CD7-75E7A3E8FEE5}
c:\users\Jack\AppData\Local\{D5DD1E7A-6E3A-4353-BFD1-B93EA3B0F833}
c:\users\Jack\AppData\Local\{8370AFCD-3AAF-4040-8C33-B0653CF7EDD6}
c:\users\Jack\AppData\Local\{85BF8283-E166-421D-AB3E-013A139183DC}
c:\users\Jack\AppData\Local\{9ED43ECE-C3E0-46F5-AC04-1D489B52A01E}
c:\users\Jack\AppData\Local\{FC09203F-6EE0-4C41-9326-8D6B9AFF0652}
c:\users\Jack\AppData\Local\{CAA5D1BC-0C34-4B2B-89B6-7FD06F3D72CF}
c:\users\Jack\AppData\Local\{A37DBDE1-B0D2-41CD-ABF1-EE3A0651B0E4}

Firefox::
FF - prefs.js: browser.search.selectedEngine - Secure Search


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
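The CFScript above was assembled by hand from the ComboFix log: GUID-named folders created under AppData\Local went under Folder::, and the hijacked search-engine pref under Firefox::. As an added example (not code from the thread or from ComboFix), the Python below extracts those two indicators from a constructed log excerpt in the same format and renders them in that CFScript form; the folders are flagged for review rather than judged malicious, since installers also create GUID-named folders there.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt in ComboFix's log format, shaped like the thread's
# "Files Created" and "Supplementary Scan" sections (not a real capture).
SAMPLE_LOG = r"""
2011-06-11 13:36 . 2011-06-11 13:36 -------- d-----w- c:\users\Jack\AppData\Local\{A28DCEDD-B430-4441-8CD7-75E7A3E8FEE5}
2011-06-09 16:34 . 2011-06-09 16:34 -------- d-----w- c:\program files (x86)\CPUID
2011-06-10 18:16 . 2011-06-10 18:16 -------- d-----w- c:\users\Jack\AppData\Local\{8370AFCD-3AAF-4040-8C33-B0653CF7EDD6}
2011-06-08 11:45 . 2010-11-20 13:27 1900544 ----a-w- c:\windows\system32\setupapi.dll
FF - ProfilePath - c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\066g1cf7.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
"""

# Search engines the helper in the thread treats as standard.
KNOWN_ENGINES = {"google", "bing", "yahoo"}
# Address-bar search hosts considered normal for keyword.URL.
KNOWN_SEARCH_HOSTS = ("google.", "bing.com", "search.yahoo.")

# A "Files Created" directory entry (d-----w-) whose path is a bare GUID
# folder directly under %LOCALAPPDATA%: the shape listed under Folder:: above.
GUID_FOLDER_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} .* d-----w- "
    r"(c:\\users\\[^\\]+\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\})\s*$",
    re.IGNORECASE,
)
# "FF - prefs.js: <pref> - <value>" lines from the Supplementary Scan section.
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")


def parse_combofix_log(text: str) -> Dict[str, object]:
    """Pull the two indicators the thread acts on out of a ComboFix log."""
    guid_folders: List[str] = []
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.rstrip()
        m = GUID_FOLDER_RE.match(line)
        if m:
            guid_folders.append(m.group(1))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return {"guid_folders": guid_folders, "firefox_prefs": prefs}


def assess_firefox_prefs(prefs: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (pref, value, reason) for prefs.js settings that can redirect searches."""
    issues: List[Tuple[str, str, str]] = []
    engine = prefs.get("browser.search.selectedEngine")
    if engine and engine.lower() not in KNOWN_ENGINES:
        issues.append(("browser.search.selectedEngine", engine,
                       "default search engine is not Google/Bing/Yahoo"))
    keyword_url = prefs.get("keyword.URL")
    if keyword_url and not any(h in keyword_url.lower() for h in KNOWN_SEARCH_HOSTS):
        issues.append(("keyword.URL", keyword_url,
                       "address-bar searches go to an unrecognised host"))
    proxy_type = prefs.get("network.proxy.type", "0")
    if proxy_type not in ("0", "5"):  # 0 = direct, 5 = system settings
        issues.append(("network.proxy.type", proxy_type,
                       "proxy mode is neither direct nor system; check where traffic goes"))
    return issues


def build_cfscript(findings: Dict[str, object]) -> str:
    """Render findings in the CFScript form used in the thread (Folder:: / Firefox::)."""
    sections: List[str] = []
    folders = findings["guid_folders"]
    if folders:
        sections.append("Folder::\n" + "\n".join(folders))
    # Only the directive the thread demonstrates is emitted under Firefox::.
    ff_lines = [f"FF - prefs.js: {pref} - {value}"
                for pref, value, _ in assess_firefox_prefs(findings["firefox_prefs"])
                if pref == "browser.search.selectedEngine"]
    if ff_lines:
        sections.append("Firefox::\n" + "\n".join(ff_lines))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    found = parse_combofix_log(SAMPLE_LOG)
    for pref, value, why in assess_firefox_prefs(found["firefox_prefs"]):
        print(f"[prefs.js] {pref} = {value!r}: {why}")
    for path in found["guid_folders"]:
        print(f"[folder]   {path}  (review: created under %LOCALAPPDATA%)")
    print("\n--- CFScript ---\n" + build_cfscript(found))
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents; the CFScript output is meant to be reviewed line by line before use, exactly as the helper did here.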
 

Cobe

New Member
GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:30 on 12/06/2011 (Jack)
Firefox version 4.0.1 (en-GB)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [19:05 08/05/2011]

C:\Users\Jack\Application Data\Mozilla\Firefox\Profiles\066g1cf7.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox" [00:40 08/11/2010]
"{27182e60-b5f3-411c-b545-b44205977502}"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\" [00:40 08/11/2010]
"{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\" [00:41 08/11/2010]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [23:34 07/11/2010]

-=E.O.F=-
 

Cobe

New Member
ComboFix 11-06-11.01 - Jack 12/06/2011 13:34:20.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3893.2542 [GMT 1:00]
Running from: c:\users\Jack\Desktop\ComboFix.exe
Command switches used :: c:\users\Jack\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jack\AppData\Local\{8370AFCD-3AAF-4040-8C33-B0653CF7EDD6}
c:\users\Jack\AppData\Local\{85BF8283-E166-421D-AB3E-013A139183DC}
c:\users\Jack\AppData\Local\{9ED43ECE-C3E0-46F5-AC04-1D489B52A01E}
c:\users\Jack\AppData\Local\{A28DCEDD-B430-4441-8CD7-75E7A3E8FEE5}
c:\users\Jack\AppData\Local\{A37DBDE1-B0D2-41CD-ABF1-EE3A0651B0E4}
c:\users\Jack\AppData\Local\{CAA5D1BC-0C34-4B2B-89B6-7FD06F3D72CF}
c:\users\Jack\AppData\Local\{D5DD1E7A-6E3A-4353-BFD1-B93EA3B0F833}
c:\users\Jack\AppData\Local\{FC09203F-6EE0-4C41-9326-8D6B9AFF0652}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))
.
.
2011-06-12 12:40 . 2011-06-12 12:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-12 11:47 . 2011-06-12 11:47 -------- d-----w- c:\users\Jack\AppData\Local\{FA55EFAF-C057-40AD-888B-69B779F577EA}
2011-06-10 18:08 . 2011-05-24 18:12 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95817D07-89FB-4CDC-87D5-BA79877DE327}\mpengine.dll
2011-06-09 16:34 . 2011-06-09 16:34 -------- d-----w- c:\windows\Java
2011-06-09 16:34 . 2009-11-12 16:19 27136 ----a-w- c:\windows\SysWow64\PCWizard.cpl
2011-06-09 16:34 . 2011-06-09 16:34 -------- d-----w- c:\program files (x86)\CPUID
2011-06-08 11:54 . 2011-06-08 11:54 -------- d-----w- c:\windows\system32\SPReview
2011-06-08 11:53 . 2011-06-08 11:53 -------- d-----w- c:\windows\system32\EventProviders
2011-06-08 11:45 . 2010-11-20 13:27 1900544 ----a-w- c:\windows\system32\setupapi.dll
2011-06-08 11:44 . 2010-11-20 13:27 172544 ----a-w- c:\windows\system32\twext.dll
2011-06-08 11:43 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-06-08 11:43 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-06-08 11:43 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-06-08 11:43 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-06-08 11:42 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-08 11:42 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-08 11:42 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-08 11:42 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-06-08 11:42 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-06-08 11:42 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-06-08 11:42 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-06-08 11:15 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-08 11:15 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-08 11:15 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-06-08 11:15 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-06-05 13:29 . 2011-06-05 13:29 388096 ----a-r- c:\users\Jack\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-04 22:25 . 2011-06-04 22:25 -------- d-----w- c:\users\Jack\AppData\Roaming\cYo
2011-06-04 22:25 . 2011-06-04 22:25 -------- d-----w- c:\users\Jack\AppData\Local\cYo
2011-06-04 22:06 . 2011-06-04 22:08 -------- d-----w- c:\program files\ComicRack
2011-06-04 21:58 . 2011-06-04 21:58 -------- d-----w- c:\users\Jack\AppData\Roaming\vlc
2011-06-04 20:27 . 2011-06-04 20:29 -------- d-----w- c:\users\Jack\AppData\Local\Graboid
2011-06-04 20:27 . 2011-06-04 20:27 -------- d-----w- c:\users\Jack\AppData\Local\Geckofx
2011-06-04 20:26 . 2011-06-04 20:26 -------- d-----w- c:\program files (x86)\VideoLAN
2011-06-04 20:26 . 2011-06-04 20:27 -------- d-----w- c:\program files (x86)\Graboid
2011-05-28 21:48 . 2011-05-28 21:48 -------- d-----w- c:\users\Jack\AppData\Roaming\NCH Software
2011-05-28 18:30 . 2011-05-28 18:30 -------- d-----w- c:\users\Jack\AppData\Roaming\NCH Swift Sound
2011-05-28 18:30 . 2011-05-28 18:30 -------- d-----w- c:\programdata\NCH Swift Sound
2011-05-28 18:30 . 2011-05-28 18:30 -------- d-----w- c:\program files (x86)\NCH Swift Sound
2011-05-24 18:10 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-23 18:45 . 2011-05-23 18:45 -------- d-----w- c:\program files (x86)\Trend Micro
2011-05-23 18:13 . 2011-05-23 18:13 -------- d-----w- c:\users\Jack\AppData\Roaming\Malwarebytes
2011-05-23 18:12 . 2011-05-29 08:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-23 18:12 . 2011-05-23 18:12 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 18:12 . 2011-05-29 08:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-23 18:12 . 2011-06-05 13:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-16 17:39 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-16 17:39 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-08 12:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-08 12:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-24 18:14 . 2011-01-20 15:42 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-04-09 07:02 . 2011-05-10 21:59 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:02 . 2011-05-10 21:59 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-10 21:59 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-25 03:29 . 2011-05-10 21:59 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:29 . 2011-05-10 21:59 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:29 . 2011-05-10 21:59 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:29 . 2011-05-10 21:59 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:29 . 2011-05-10 21:59 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:29 . 2011-05-10 21:59 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:28 . 2011-05-10 21:59 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-11_14.37.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-12 00:17 . 2011-06-12 00:17 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-06-11 00:03 . 2011-06-11 00:03 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-08 00:23 . 2011-06-12 11:48 48818 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-06-12 11:48 39486 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-19 23:46 . 2011-06-12 11:48 12686 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1972273453-3807663751-171534141-1001_UserData.bin
+ 2009-07-14 04:46 . 2011-06-12 11:52 96016 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-06-12 11:45 . 2011-06-12 11:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-11 13:33 . 2011-06-11 13:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-11 13:33 . 2011-06-11 13:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-12 11:45 . 2011-06-12 11:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-06-12 00:16 317756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2011-06-12 11:45 4836440 c:\windows\system32\FNTCACHE.DAT
+ 2011-01-19 23:43 . 2011-06-12 00:16 17966596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1972273453-3807663751-171534141-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\system32\msvfd32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys [x]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys [x]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-28 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-28 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Jack\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Jack\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\066g1cf7.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-12 13:42:22
ComboFix-quarantined-files.txt 2011-06-12 12:42
ComboFix2.txt 2011-06-11 16:09
ComboFix3.txt 2011-06-11 14:39
ComboFix4.txt 2011-06-09 23:22
ComboFix5.txt 2011-06-12 12:33
.
Pre-Run: 25,299,255,296 bytes free
Post-Run: 25,246,011,392 bytes free
.
- - End Of File - - A7B02F1DEFBBCD172D592ED6E3A29892
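The CFScript above carries a Firefox:: directive for browser.search.selectedEngine, yet the post-run ComboFix log still lists that pref as Secure Search in its FF - prefs.js lines, next to a keyword.URL override. The check a practitioner wants at this point is to read the profile's prefs.js directly (the ProfilePath is in the log) and see exactly which search and proxy settings are overridden, before and after a cleanup. The Python script below is an added example, not code from the thread, ComboFix or Firefox: it parses user_pref lines, flags the selected-engine, keyword.URL and proxy prefs that can redirect searches, and strips those lines so Firefox falls back to its built-in defaults. The allowed-engine list (google, bing, yahoo, following johnb35's advice) and the embedded sample prefs.js are assumptions constructed for the example; the sample's search and proxy values mirror the log lines on this page.

```python
# Audit a Firefox prefs.js for search-redirect settings and strip them.
# Added example for this thread; not code from ComboFix, Firefox or the posters.
import re
from typing import Dict, Iterable, List, Tuple

# A prefs.js line looks like:  user_pref("name", value);
# where value is a quoted string, an integer or true/false.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.+?)\);\s*$')

# Engines a cleaned profile may have selected. Assumption for this example,
# following the advice in the thread to use Google, Bing or Yahoo.
ALLOWED_ENGINES = {"google", "bing", "yahoo"}

# Constructed sample prefs.js; the search and proxy values mirror the
# "FF - prefs.js:" lines in the ComboFix log posted above.
SAMPLE_PREFS_JS = """# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.background-update-timer", 1307880000);
user_pref("browser.search.selectedEngine", "Secure Search");
user_pref("browser.startup.homepage", "www.google.co.uk");
user_pref("extensions.lastAppVersion", "4.0.1");
user_pref("keyword.URL", "http://uk.search.yahoo.com/search?fr=mcafee&p=");
user_pref("network.proxy.type", 0);
"""


def _unquote(raw: str) -> str:
    """Strip the quotes from a string value; leave numbers and booleans as text."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return raw


def parse_prefs(text: str) -> Dict[str, str]:
    """Map every user_pref name in a prefs.js to its (unquoted) value."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _unquote(m.group(2))
    return prefs


def audit_prefs(prefs: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (pref, value, reason) for each setting that can redirect searches or traffic."""
    findings: List[Tuple[str, str, str]] = []
    engine = prefs.get("browser.search.selectedEngine")
    if engine is not None and engine.lower() not in ALLOWED_ENGINES:
        findings.append(("browser.search.selectedEngine", engine,
                         "selected search engine is not one of the allowed engines"))
    # keyword.URL only appears as a user_pref when something overrode the default,
    # and it decides where address-bar searches are sent.
    if "keyword.URL" in prefs:
        findings.append(("keyword.URL", prefs["keyword.URL"],
                         "address-bar searches are sent to an overriding URL"))
    # network.proxy.type 0 means a direct connection; anything else routes traffic elsewhere.
    if prefs.get("network.proxy.type", "0") != "0":
        findings.append(("network.proxy.type", prefs["network.proxy.type"],
                         "browser traffic goes through a proxy"))
    for key in ("network.proxy.http", "network.proxy.autoconfig_url"):
        if key in prefs:
            findings.append((key, prefs[key], "proxy target is set"))
    return findings


def strip_prefs(text: str, names: Iterable[str]) -> str:
    """Drop the user_pref lines for the given names so Firefox reverts them to built-in defaults."""
    drop = set(names)
    kept = []
    for line in text.splitlines(keepends=True):
        m = PREF_RE.match(line)
        if m and m.group(1) in drop:
            continue
        kept.append(line)
    return "".join(kept)


def clean_prefs_text(text: str) -> Tuple[List[Tuple[str, str, str]], str]:
    """Audit a prefs.js text; return (findings, text with the flagged prefs removed)."""
    findings = audit_prefs(parse_prefs(text))
    return findings, strip_prefs(text, (name for name, _, _ in findings))


if __name__ == "__main__":
    import sys
    # Usage: python prefs_audit.py [path\to\prefs.js] [cleaned-output-path]
    source = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PREFS_JS
    found, cleaned = clean_prefs_text(source)
    for name, value, reason in found:
        print(f"{name} = {value!r}: {reason}")
    if not found:
        print("no search-redirect prefs found")
    if len(sys.argv) > 2:
        with open(sys.argv[2], "w", encoding="utf-8") as out:
            out.write(cleaned)
```

Run it against a copy of prefs.js from the profile path shown in the log, with Firefox closed: Firefox rewrites prefs.js when it exits, so a pref edited while the browser is open is written back from memory, which is one ordinary reason a reset does not stick.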
 

johnb35

Administrator
Staff member
Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push list of found threats
Click on Export to text file, and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
If no threats are found then it won't produce a log.
 